Article 5JF05 iso image authentication check. Please help explain, very hard to understand.

by andrewysk from LinuxQuestions.org on (#5JF05)
Quote:
Url ref:
https://wiki.manjaro.org/index.php/H...al_.ISO_images

Authenticity
------------
step1: *download the *.gpg signature file*

Code:
wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg

step2:
Next, import all the keys in the downloaded .GPG file into your gnupg keyring:

Code:
$ gpg --import manjaro.gpg

3.2 If you do not trust GitHub, import Philip Muller's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):

Code:
gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E

4. Finally, verify if the .ISO image file was built by one of Manjaro's Developers or Philip Muller:

Code:
gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig

Compare the key, which was used to sign the .ISO file to the key

Check, whether the .ISO was verified by Philip Muller's key ("11C7F07E") or another Manjaro Developer's key, which you have imported to your system. If this is the case, you can be sure that your .iso file was built by Philip Muller or another Manjaro Developer.

Hi,

Q1.
Can you explain the reason for step 2?
I don't get why to import into the gnupg keyring. What is that? It even says "all keys"; how many keys are there? Isn't it just 1 *.gpg file?
Confusing.

Q2.
What does it mean by 3.2? And what does this command do? Where does 11C7F07E come from?

Code:
gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E

Q3.

Code:
gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig

This should be the only gpg authentication verification command, right?
I think both the iso image file and the *.sig should have a common file name and must be in the same directory where the command is run, right?
It seems to me that with this command alone, authentication can be verified, so why the need for the above "import and keyserver" commands in Q1 and Q2?

Can someone explain? So many complicated steps, and I have no idea what they are for.
Please enlighten me.
Thanks
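
The wiki steps quoted in the post come down to: get the signer's public key into the keyring, run `gpg --verify`, then compare the key that made the signature with one you expect. As an added example (not from the post or the Manjaro wiki), the shell function below classifies gpg's machine-readable `--status-fd` output for those cases; the fingerprint, key ID, function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies `gpg --status-fd` output from a detached-signature check.
# stdin: status lines; $1: space-separated allowlist of full primary-key
# fingerprints (assumed to have been confirmed out of band).
# Prints one verdict word; returns 0 only for "trusted".
check_status() {
    allowed=$1 result=unsigned
    while read -r tag kw a1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            NO_PUBKEY) result=missing-key ;;  # signer's public key is not in the keyring
            BADSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) result=bad; break ;;
            VALIDSIG)
                # Last field is the primary-key fingerprint (a1 may be a signing subkey).
                primary=${rest##* } result=unknown-signer
                # Accept only a full 40-hex-digit (v4) fingerprint on the allowlist.
                [ ${#primary} -eq 40 ] && case " $allowed " in
                    *" $primary "*) result=trusted ;;
                esac ;;
        esac
    done
    echo "$result"
    [ "$result" = trusted ]
}

# Hypothetical wrapper for a real image: verify_iso IMAGE.iso.sig IMAGE.iso "FPR1 FPR2"
verify_iso() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}

# Constructed sample data: the fingerprint and key ID are made up, not Manjaro keys.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_good() {      # what gpg reports once the signer's key has been imported
    printf '%s\n' "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Dev <dev@example.org>" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2016-06-01 1464775200 0 4 0 1 8 00 $SAMPLE_FPR"
}
sample_missing() {   # what gpg reports when --verify runs with no imported key
    printf '%s\n' "[GNUPG:] NEWSIG" \
        "[GNUPG:] ERRSIG 89ABCDEF01234567 1 8 00 1464775200 9" \
        "[GNUPG:] NO_PUBKEY 89ABCDEF01234567"
}

sample_good | check_status "$SAMPLE_FPR"
sample_missing | check_status "$SAMPLE_FPR" || true
```

An 8-digit ID such as 11C7F07E is short enough to collide with other keys, which is why the allowlist here holds full fingerprints.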